Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

Course 002 - Play It Safe: Manage Security Risks > Module 1 - 02-1 > Flashcards

Module 1 - 02-1 Flashcards

More about the CISSP security domains (58 cards)

Start Studying
1
Q

Define Security posture

A

An organization’s ability to manage its defense of critical assets and data and react to change

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What does CISSP stand for?

A

Certified Information Systems Security Professional (CISSP)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What are the eight CISSP Security Domains (8)?

A
  1. Security and Risk Management
  2. Asset Security
  3. Security Architecture and Engineering
  4. Communication and Network Security
  5. Identity and Access Management (IAM)
  6. Security Assessment and Testing
  7. Security Operations
  8. Software Development Security
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is the first (1st) CISSP Security Domain?

A
  1. Security and Risk Management
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is the second (2nd) CISSP Security Domain?

A
  1. Asset Security
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is the third (3rd) CISSP Security Domain?

A
  1. Security Architecture and Engineering
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is the fourth (4th) CISSP Security Domain?

A
  1. Communication and Network Security
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is the fifth (5th) CISSP Security Domain?

A
  1. Identity and Access Management (IAM)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is the sixth (6th) CISSP Security Domain?

A
  1. Security Assessment and Testing
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is the seventh (7th) CISSP Security Domain?

A
  1. Security Operations
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is the eight (8th) CISSP Security Domain?

A
  1. Software Development Security
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What areas does the first (1st) Security Domain, Security and Risk Management, focus on (5)?

A
  • Defining Security Goals and Objectives,
  • Risk Mitigation,
  • Compliance,
  • Business Continuity,
  • Legal Regulations
    (Professional and Organizational Ethics)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Define how Security Goals and Objectives pertains to the Security and Risk Management Domain

A

Organizations can reduce risks to critical assets and data like PII, or personally identifiable information

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Define how Risk Mitigation pertains to the Security and Risk Management Domain

A

Having the right procedures and rules in place to quickly reduce the impact of a risk like a breach

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Define how Compliance pertains to the Security and Risk Management Domain

A

The primary method used to develop an organization’s internal security policies, regulatory requirements, and independent standards

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Define how Business Continuity pertains to the Security and Risk Management Domain

A

An organization’s ability to maintain their everyday productivity by establishing risk disaster recovery plans

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Define how Legal Regulations pertains to the Security and Risk Management Domain

A

Following rules and expectations for ethical behavior to minimize negligence, abuse, or fraud

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Define Risk Mitigation

A

The process of having the right procedures and rules in place to quickly reduce the impact of a risk like a breach

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Define Business Continuity

A

An organization’s ability to maintain their everyday productivity by establishing risk disaster recovery plans

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What does InfoSec stand for?

A

Information Security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Which CISSP Security Domain does InfoSec relate to?

A

CISSP Security and Risk Management Security Domain

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

What does InfoSec refer to?

A

A set of processes established to secure information

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

What are some InfoSec design processes (5)?

A
  • Incident response
  • Vulnerability management
  • Application security
  • Cloud security
  • Infrastructure security
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

What area does the second (2nd) Security Domain, Asset Security, focus on?

Study These Flashcards
A

Securing Digital and Physical Assets.
It involves managing the cybersecurity processes of organizational assets, including the storage, maintenance, retention, and destruction of physical and virtual data

25
What can an organization do to determine the level of risk associated with an asset (3)?
* Conducting a security impact analysis * Establishing a recovery plan * Managing data exposure
26
What area does the third (3rd) Security Domain, Security Architecture and Engineering, focus on?
Optimizing data security by ensuring effective tools, systems, and processes are in place to protect an organization's assets and data
27
What is one of the core concepts of Secure Design Architecture?
Shared Responsibility
28
Define Shared Responsibility
All individuals within an organization take an active role in lowering risk and maintaining both physical and virtual security
29
What additional design principles that relate to the Security Architecture and Engineering Security Domain (8)?
* Threat modeling * Least privilege * Defense in depth * Fail securely * Separation of duties * Keep it simple * Zero trust * Trust but verify
30
What area does the fourth (4th) Security Domain, Communication and Setwork Security, focus on?
Managing and securing physical networks and wireless communications
31
What area does the fifth (5th) Security Domain, Identity and Access Management (IAM), focus on?
Access and authorization to keep data secure by making sure users follow established policies to control and manage assets. Basically, the goal of IAM is to reduce the overall risk to systems and data.
32
What does IAM stand for?
Identity and Access Management (IAM)
33
What are the four main components to Identity and Access Management (IAM)?
i. Identification ii. Authentication iii. Authorization iv. Accountability
34
Define how Identification pertains to the Identity and Access Management (IAM) Domain
A user verifies who they are by providing a user name, an access card, or biometric data such as a fingerprint
35
Define how Authentication pertains to the Identity and Access Management (IAM) Domain
The verification process to prove a person's identity, such as entering a password or PIN
36
Define how Authorization pertains to the Identity and Access Management (IAM) Domain
Takes place after a user's identity has been confirmed and relates to their level of access, which depends on the role in the organization
37
Define how Accountability pertains to the Identity and Access Management (IAM) Domain
Monitoring and recording user actions, like login attempts, to prove systems and data are used properly
38
What principle does the Identity and Access Management (IAM) Domain use?
Least Privilege
39
What is the concept of Least Privilege?
The concept of granting only the minimal access and authorization required to complete a task
40
What area does the sixth (6th) Security Domain, Security Assessment and Testing, focus on?
Conducting security control testing, collecting and analyzing data, and conducting security audits to monitor for risks, threats, and vulnerabilities
41
What is another name for Penetration Testers?
Pen Testers
42
What is the primary action of Pen Testers?
To find vulnerabilities that could be exploited by a threat actor
43
What area does the seventh (7th) Security Domain, Security Operations, focus on?
Conducting investigations and implementing preventative measures
44
What strategies, processes, and tools can be used to implement preventative measures for the Security Operations Domain (9)?
* Training and awareness * Reporting and documentation * Intrusion detection and prevention * SIEM tools * Log management * Incident management * Playbooks * Post-breach forensics * Reflecting on lessons learned
45
What area does the eight (8th) Security Domain, Software Development Security, focus on?
Using secure coding practices (programming practices and guidelines to create secure applications and services)
46
Match each CISSP security domain to its area of focus: Optimizing data security by using effective tools, systems, and processes CISSP security domain: * Security and risk management * Asset security * Security architecture and engineering * Communication and network security
Security architecture and engineering
47
Match each CISSP security domain to its area of focus: Security goals and objectives, risk mitigation, compliance, business continuity, and the law CISSP security domain: * Security and risk management * Asset security * Security architecture and engineering * Communication and network security
Security and risk management
48
Match each CISSP security domain to its area of focus: Managing and securing physical networks and wireless communications CISSP security domain: * Security and risk management * Asset security * Security architecture and engineering * Communication and network security
Communication and network security
49
Match each CISSP security domain to its area of focus: Securing assets; storage, maintenance, retention, and destruction of data CISSP security domain: * Security and risk management * Asset security * Security architecture and engineering * Communication and network security
Asset security
50
Match each CISSP security domain to its area of focus: Using secure coding practices to create secure applications and services CISSP security domain: * Identity and access management * Security assessment and testing * Security operations * Software development security
Software development security
51
Match each CISSP security domain to its area of focus: Conducting investigations and implementing preventative measures CISSP security domain: * Identity and access management * Security assessment and testing * Security operations * Software development security
Security operations
52
Match each CISSP security domain to its area of focus: Using access, authorization, and established policies to secure data and manage assets CISSP security domain: * Identity and access management * Security assessment and testing * Security operations * Software development security
Identity and access management
53
Match each CISSP security domain to its area of focus: Conducting security control testing and audits, collecting and analyzing data CISSP security domain: * Identity and access management * Security assessment and testing * Security operations * Software development security
Security assessment and testing
54
The _____ domain is focused on access and authorization to keep data secure by making sure that users follow established policies to control and manage assets. * communication and network security * identity and access management * security operations * asset security
identity and access management
55
What is the focus of the security and risk management domain? * Optimize data security by ensuring effective processes are in place * Manage and secure wireless communications * Secure physical networks and wireless communications * Define security goals and objectives, risk mitigation, compliance, business continuity, and regulations
Define security goals and objectives, risk mitigation, compliance, business continuity, and regulations
56
In which domain would a security professional conduct security control testing; collect and analyze data; and perform security audits to monitor for risks, threats, and vulnerabilities? * Communication and network engineering * Security architecture and engineering * Security assessment and testing * Identity and access management
Security assessment and testing
57
The _____ domain concerns conducting investigations and implementing preventive measures. * asset security * software development security * security operations * communications and networking engineering
security operations
58
Define Asset Security
Focused on securing digital and physical assets. It's also related to the storage, maintenance, retention, and destruction of data.

Course 002 - Play It Safe: Manage Security Risks (19 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions